Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/05/2024, 11:40

General

  • Target

    36ca227404895d1a836f0fd5d7ce94d0_NeikiAnalytics.exe

  • Size

    91KB

  • MD5

    36ca227404895d1a836f0fd5d7ce94d0

  • SHA1

    957f90be00404758b3afb88097f8c804fa8a65e5

  • SHA256

    3648fd0393d552e11a9d493c5dba80a21b664fbcfdc35f47589d41e8f13b88fb

  • SHA512

    b9cd3fb5ad64585df0600aace994af028caa44f069d3f32ed75f41b0eaa908a37cccc170b2d1457761e406fb22da2a0a1b315a2028cbace22c3e84455555b6d0

  • SSDEEP

    1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPN0U6PG0PGo:6rWpcOPxPke+e3fFpsJOfFpsJbgEmPx/

Score
9/10

Malware Config

Signatures

  • Renames multiple (3437) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\36ca227404895d1a836f0fd5d7ce94d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\36ca227404895d1a836f0fd5d7ce94d0_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2592

Network


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

          Filesize

          91KB

          MD5

          737da1f4a09947d7a7084fc77ee9ae67

          SHA1

          c4a2f799d77da8e953da3a80296f1d8f48fedb44

          SHA256

          2d8c1e50d7b069a75fe50f3e9e3b22340be027aa70d8ede4625face50fc5c522

          SHA512

          5772f7d72f60cd2852e61a2ffcf8337ea12d18422bec23277d9feef329a68d49e982d140d234b4e2c94b4e62f4bdcd15ca98cb1a33a14ecdd2e6f56c6a02a519

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          100KB

          MD5

          51511e9d2c94d24a49ab7dded7c5e498

          SHA1

          8196ecd7ddde367089bbf4e53de959651654c2eb

          SHA256

          db54a1b597b1d22533617133e96c831c48646dc75e65eebe6badcfed236ecbc1

          SHA512

          e08314251ff8c849a5004a7644ffbc84143c049facaddf68708d1fd85d16332c723330359713f60ffd861c772302c2b9689dd814b71f056052fcdd2175ad6b0a